Pushed by market forces, software development has become fast-paced. As a consequence, modern development projects are assembled from third-party components. Security and privacy assurance techniques, once designed for large, controlled updates over months or years, must now cope with small, continuous changes taking place within a week, and happening in sub-components that are controlled by third-party developers one might not even know exist. In this paper, we aim to provide an overview of the current software security approaches and evaluate their appropriateness in the face of the changed nature of software development. Software security assurance could benefit from switching from a process-based to an artefact-based approach. Further, security evaluation might need to be more incremental, automated and decentralized. We believe this can be achieved by supporting mechanisms for lightweight and scalable screenings that are applicable to the entire population of software components, although there might be a price to pay.

Secure Software Development in the Era of Fluid Multi-party Open Software and Services / Pashchenko, I.; Scandariato, R.; Sabetta, A.; Massacci, F. - Print. - (2021), pp. 91-95. (Paper presented at the 43rd ACM/IEEE International Conference on Software Engineering: New Ideas and Emerging Results, ICSE-NIER 2021, held virtually (originally Madrid, Spain) on 25-28 May 2021) [10.1109/ICSE-NIER52604.2021.00027].

Secure Software Development in the Era of Fluid Multi-party Open Software and Services

Pashchenko I.; Massacci F.
2021-01-01

2021
Proceedings - International Conference on Software Engineering
10662 LOS VAQUEROS CIRCLE, PO BOX 3014, LOS ALAMITOS, CA 90720-1264 USA
IEEE Computer Society
978-1-6654-0140-1
Pashchenko, I.; Scandariato, R.; Sabetta, A.; Massacci, F.
Files in this record:

2103.03331.pdf
Access: open access
Description: Main article
Type: Refereed post-print (Refereed author's manuscript)
Licence: All rights reserved
Size: 2.85 MB
Format: Adobe PDF

Secure_Software_Development_in_the_Era_of_Fluid_Multi-party_Open_Software_and_Services.pdf
Access: archive administrators only
Type: Publisher's version (Publisher's layout)
Licence: All rights reserved
Size: 417.05 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this record: https://hdl.handle.net/11572/319993
Citations
  • PMC: n/a
  • Scopus: 2
  • ISI: 1